Bootstrap script exposes PyPI to domain takeover attacks
ID: a59316a0-1f42-546a-ae5a-bec9e9de54a6
STIX ID: report--a59316a0-1f42-546a-ae5a-bec9e9de54a6
Feed Name: ReversingLabs Blog
ReversingLabs discovered that legacy PyPI bootstrap scripts fetch and execute code from the abandoned python-distribute.org domain, creating a domain-takeover supply-chain vulnerability that affects numerous packages. Researchers produced a PoC and enumerated affected projects and IoCs. They warned that, while no abuse of this domain was observed, comparable incidents (e.g., the npm fsevents compromise) demonstrate the real-world risk of such takeovers.
